I need to set-up a lan-to-lan VPN with a Concentrator, with a 5520 ASA at the remote end. Instead of using a pre-shared key like we normally would, we have been asked by the remote end to get a certificate from Verisign.
I have researched the process for this but am still not entirely clear. As I understand, we will need to install a (free) root certificate on the concentrator, then;
1. Generate an identity certificate enroll request (PKCS10?)
2. Make a copy of the request text then send this to Verisign to complete the identity certifcate enrollment process (PKCS #7?)
Could anyone confirm - is this the correct procedure?
Also, Verisign themselves say that we need an SSL certificate for this which I believe is wrong? I thought it was just a digital identity certificate.
Thanks in advance.